1

The two main things I'm wondering are:

  1. What causes a computer/phone/device to do a DNS lookup for its own hostname/FQDN?
  2. How long after a device leaves a network will it retain the "settings" set by DHCP? (e.g. domain, search, nameservers, etc) Would it be just until it connects to another wireless network?

As far as lookups for a device's hostname, I know if you're on Linux, for example, typing sudo <whatever> often results in a hostname DNS lookup, since sudo rules can specify a hostname and your hostname might not be in /etc/hosts. Looks like maybe Apache and sendmail will look up the hostname as well, as some kind of sanity check. But what about other operating systems (e.g. Android, iOS, etc), and other circumstances that will cause a device to look up its own hostname?

The reason I'm asking this is I'm seeing a ton of lookups in query logs from our external authoritative DNS servers for <hostname>.subdomain.example.org, which are the names we assign devices via DHCP when they join the network. I would only expect these names to be queried for while they're on our network, and they would be in our internal DNS servers' query logs. But for some reason they're also showing up in our external query logs, hence the second question above.


Note: this is a related/kind of follow-up question to "Why create a reverse DNS record for every device that connects to a wireless network?"

kimbo
  • Seems that your internal DNS facility should not be passing requests for internal names to its masters. If dns.mydom.ex.com is a DNS, and if myhost.mydom.ex.com passes to it a lookup request for anything on mydom.ex.com.... then that should be handled by dns.mydom.ex.com, and not forwarded to an authority. If dns.mydom.ex.com doesn’t know, nobody else is going to. Either it is misconfigured, or myhost... is not passing its request there. All DNS servers have a TTL (time to live) value that determines how long a lookup result will be held in cache by the server. – Dennis Feb 25 '21 at 22:41
  • The internal DNS servers aren't passing requests to their masters. These queries are coming from outside of the network (from autonomous systems like Comcast, Google, Cox, CenturyLink, Amazon, MSFT, T-Mobile, Cloudflare, etc) – kimbo Feb 25 '21 at 23:06
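
Added example (not part of the original question or its comments): one way to measure the leak described above is to summarise, from the external authoritative server's query log, which DHCP-assigned names are being asked for and by which resolver addresses. The log layout is assumed to be BIND 9 `queries` logging, the sample lines are constructed, and `subdomain.example.org` is the placeholder zone from the question.

```python
import re
from collections import Counter, defaultdict

# Assumed BIND 9 "queries" category layout; adjust the regex for other servers.
LINE_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<src>[0-9a-fA-F.:]+)#\d+ \(.*?\): "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

# Constructed sample lines (documentation IP ranges, hypothetical hostnames).
SAMPLE_LOG = """\
25-Feb-2021 22:40:01.101 queries: info: client @0x7f1c 203.0.113.7#40112 (phone-17.subdomain.example.org): query: phone-17.subdomain.example.org IN A -E(0)D (192.0.2.53)
25-Feb-2021 22:40:01.350 queries: info: client @0x7f1c 203.0.113.7#40113 (phone-17.subdomain.example.org): query: phone-17.subdomain.example.org IN AAAA -E(0)D (192.0.2.53)
25-Feb-2021 22:41:12.009 queries: info: client @0x7f2a 198.51.100.20#5353 (Lab-PC7.Subdomain.Example.ORG): query: Lab-PC7.Subdomain.Example.ORG IN A -E(0)D (192.0.2.53)
25-Feb-2021 22:41:30.442 queries: info: client @0x7f2a 198.51.100.20#5391 (www.example.org): query: www.example.org IN A -E(0)D (192.0.2.53)
25-Feb-2021 22:42:05.770 queries: info: client @0x7f3b 198.51.100.99#6001 (notsubdomain.example.org): query: notsubdomain.example.org IN A -E(0)D (192.0.2.53)
25-Feb-2021 22:43:00.000 queries: info: client @0x7f4c 203.0.113.80#7002 (phone-17.subdomain.example.org): query: phone-17.subdomain.example.org IN A -E(0)D (192.0.2.53)
"""


def under_zone(qname, zone):
    """True only for names strictly below `zone`, matched on a label boundary."""
    q = qname.rstrip(".").lower()
    z = zone.rstrip(".").lower()
    return q.endswith("." + z)


def summarize_leaks(log_text, zone):
    """Map each name under `zone` to its query count, resolver sources and query types."""
    report = defaultdict(lambda: {"queries": 0, "sources": set(), "qtypes": Counter()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or not under_zone(m["qname"], zone):
            continue  # unparsable line, or a name outside the DHCP zone
        entry = report[m["qname"].rstrip(".").lower()]  # DNS names are case-insensitive
        entry["queries"] += 1
        entry["sources"].add(m["src"])
        entry["qtypes"][m["qtype"]] += 1
    return dict(report)


if __name__ == "__main__":
    leaks = summarize_leaks(SAMPLE_LOG, "subdomain.example.org")
    for name, e in sorted(leaks.items()):
        print(name, e["queries"], sorted(e["sources"]), dict(e["qtypes"]))
```

The source addresses in the report are those of the recursive resolvers that forwarded the query, not of the devices themselves, so they identify the network a device moved to rather than the device.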

2 Answers

3

Because you forgot to put its own hostname into the /etc/hosts file.

DHCP lease times are defined in your router - log in and look at what you've set (mine is 1000 minutes) or inspect your IP network settings to see what it says you've got.

You can also specify "search" settings inside /etc/resolv.conf to control whether or not things try to resolve their names, and how. "Search localhost" for example stops those unwanted resolutions.

cnd
  • I know it is good practice to put one's own hostname into /etc/hosts - but you do not have to do so. Although - I think your answer goes in the right direction. – Nils Mar 06 '21 at 20:51
0

Almost all services/commands try to resolve names by default. So most probably one of these is triggering requests for its own name.

If you consider a simple netstat -tl it will try to resolve all IPs, including your own ones to names.

Nils